diff options
Diffstat (limited to 'share/www/script/couch_tests.js')
-rw-r--r-- | share/www/script/couch_tests.js | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/share/www/script/couch_tests.js b/share/www/script/couch_tests.js index 8575da6f..3c14b761 100644 --- a/share/www/script/couch_tests.js +++ b/share/www/script/couch_tests.js @@ -1991,11 +1991,25 @@ var tests = { reason:"Documents must have an author field", http_status:403}; } - if (oldDoc && oldDoc.author != userCtx.name) { + + // Note, the next line could be: + // + // if (oldDoc && oldDoc.author != userCtx.name) { + // + // when name is the result of basic authentication, and added: + // + // headers: + // {"WWW-Authenticate": "Basic realm=\"" + userCtx.db + "\""}, + // + // to the thrown exception. But when trying to authenticate in this + // manner, most browsers have weird behaviors that make testing it + // in the browser difficult. So instead we use special header values + // a proof of concept. + if (oldDoc && oldDoc.author != userCtx["X-Couch-Username"]) { throw {error:"unauthorized", reason:"You are not the author of this document. You jerk.", headers: - {"WWW-Authenticate": "Basic realm=\"" + userCtx.db + "\""}, + {"X-Couch-Foo": "bar"}, http_status:401}; } }).toString() + ")" @@ -2003,14 +2017,14 @@ var tests = { db.save(designDoc); - var userDb = new CouchDB("test_suite_db", {username:"test user", password:"foo"}); + var userDb = new CouchDB("test_suite_db", {"X-Couch-Username":"test user"}); try { userDb.save({foo:1}); T(false && "Can't get here. Should have thrown an error"); } catch (e) { T(e.error == "forbidden"); - T(e.http_status == 403); + T(userDb.last_req.status == 403); } userDb.save({_id:"testdoc", foo:1, author:"test user"}); @@ -2019,7 +2033,7 @@ var tests = { doc.foo=2; userDb.save(doc); - var user2Db = new CouchDB("test_suite_db", {username:"test user2"}); + var user2Db = new CouchDB("test_suite_db", {"X-Couch-Username":"test user2"}); var doc = user2Db.open("testdoc"); doc.foo=3; @@ -2028,7 +2042,8 @@ var tests = { T(false && "Can't get here. Should have thrown an error 2"); } catch (e) { T(e.error == "unauthorized"); - T(e.http_status == 401); + T(user2Db.last_req.status == 401); + T(user2Db.last_req.getResponseHeader("X-Couch-Foo") == "bar"); } |